diff --git a/.gitignore b/.gitignore index c755cb4..970128b 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ /Botan-1.8.12.stripped.tbz /Botan-1.8.13.stripped.tbz /Botan-1.8.14.stripped.tbz +/Botan-1.8.15.stripped.tar.gz diff --git a/botan-1.8.14-soname.patch b/botan-1.8.14-soname.patch deleted file mode 100644 index 6976728..0000000 --- a/botan-1.8.14-soname.patch +++ /dev/null @@ -1,19 +0,0 @@ -# -# old_revision [adcf24b7e258c125f78aaff4ef2d3557f1183c3e] -# -# patch "configure.py" -# from [b43917e0e74e7ef1ff0024542da0dabe104a1582] -# to [ba82e657a585f31e9ba20056a57c5f597c0f0297] -# -============================================================ ---- configure.py b43917e0e74e7ef1ff0024542da0dabe104a1582 -+++ configure.py ba82e657a585f31e9ba20056a57c5f597c0f0297 -@@ -38,7 +38,7 @@ class BuildConfigurationInformation(obje - version_major = 1 - version_minor = 8 - version_patch = 14 -- version_so_patch = 13 -+ version_so_patch = 2 - version_suffix = '' - - version_string = '%d.%d.%d%s' % ( diff --git a/botan-1.8.15-fix-x509-dn-cmp.patch b/botan-1.8.15-fix-x509-dn-cmp.patch new file mode 100644 index 0000000..1757d23 --- /dev/null +++ b/botan-1.8.15-fix-x509-dn-cmp.patch @@ -0,0 +1,13 @@ +diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp +index bdb9e79..3f56d12 100644 +--- a/src/utils/parsing.cpp ++++ b/src/utils/parsing.cpp +@@ -227,6 +227,8 @@ bool x500_name_cmp(const std::string& name1, const std::string& name2) + + if(p1 == name1.end() && p2 == name2.end()) + return true; ++ if(p1 == name1.end() || p2 == name2.end()) ++ return false; + } + + if(!Charset::caseless_cmp(*p1, *p2)) diff --git a/botan-1.8.15-soname.patch b/botan-1.8.15-soname.patch new file mode 100644 index 0000000..92621f0 --- /dev/null +++ b/botan-1.8.15-soname.patch @@ -0,0 +1,12 @@ +diff -up Botan-1.8.15/configure.py.orig Botan-1.8.15/configure.py +--- Botan-1.8.15/configure.py.orig 2016-02-13 17:52:52.000000000 +0100 ++++ Botan-1.8.15/configure.py 2016-02-13 19:42:13.768986406 +0100 +@@ -38,7 +38,7 @@ class BuildConfigurationInformation(obje + version_major = 1 + version_minor = 8 + version_patch = 15 +- version_so_patch = 13 ++ version_so_patch = 2 + version_suffix = '' + + version_string = '%d.%d.%d%s' % ( diff --git a/botan.spec b/botan.spec index cb1aebf..52f393e 100644 --- a/botan.spec +++ b/botan.spec @@ -1,17 +1,19 @@ Name: botan -Version: 1.8.14 -Release: 1%{?dist} +Version: 1.8.15 +Release: 2%{?dist} Summary: Crypto library written in C++ Group: System Environment/Libraries License: BSD URL: http://botan.randombit.net/ # tarfile is stripped using repack.sh. original tarfile to be found -# here: http://files.randombit.net/botan/Botan-%%{version}.tbz -Source0: Botan-%{version}.stripped.tbz +# here: http://botan.randombit.net/releases/Botan-%%{version}.tgz +Source0: Botan-%{version}.stripped.tar.gz Source1: README.fedora # soname was changed unintentionally upstream, revert it. -Patch0: botan-1.8.14-soname.patch +Patch0: botan-1.8.15-soname.patch +# cherry-pick commit c9271016 from 1.10 branch: fix for CVE-2017-2801 +Patch1: botan-1.8.15-fix-x509-dn-cmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gcc-c++ @@ -50,7 +52,8 @@ developing applications that use %{name}. %prep %setup -q -n Botan-%{version} -%patch0 -p0 +%patch0 -p1 +%patch1 -p1 cp -av %{SOURCE1} . %build @@ -93,7 +96,6 @@ rm -rf %{buildroot} %files -%defattr(-,root,root,-) %{_libdir}/libbotan*-*.so %doc _doc/readme.txt _doc/log.txt _doc/thanks.txt _doc/credits.txt %doc _doc/license.txt _doc/fips140.tex _doc/pgpkeys.asc @@ -101,7 +103,6 @@ rm -rf %{buildroot} %files devel -%defattr(-,root,root,-) %doc doc/examples %doc _doc/api* _doc/tutorial* %{_bindir}/botan-config @@ -122,6 +123,17 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./check --validate %changelog +* Tue Oct 3 2017 Thomas Moschny - 1.8.15-2 +- Patch to fix X509 DN comparisons. + +* Sat Feb 13 2016 Thomas Moschny - 1.8.15-1 +- Update to 1.8.15. +- Remove patch applied upstream. +- Remove %%defattr directives. + +* Sat May 10 2014 Thomas Moschny - 1.8.14-2 +- Add patch to fix prime testing. + * Sat Aug 25 2012 Thomas Moschny - 1.8.14-1 - Update to 1.8.14. diff --git a/repack.sh b/repack.sh index 9bd4162..475c8b7 100755 --- a/repack.sh +++ b/repack.sh @@ -1,23 +1,23 @@ #! /bin/bash -version=1.8.14 -name=Botan-${version} -suffix=.tbz -newsuffix=.stripped.tbz -compr=bzip2 +name=Botan-1.8.15 +src=${name}.tgz +dst=${name}.stripped.tar.gz -trap '${tmpfile:+rm ${tmpfile}}' EXIT -tmpfile=$(mktemp) +rm -f ${dst} ${dst%.gz} +cp -av ${src} ${dst} -${compr} -cd ${name}${suffix} > ${tmpfile} +gzip -d ${dst} -tar --delete --file=${tmpfile} ./Botan-${version}/src/block/idea -tar --delete --file=${tmpfile} ./Botan-${version}/src/block/rc6 -tar --delete --file=${tmpfile} ./Botan-${version}/src/block/rc5 -tar --delete --file=${tmpfile} ./Botan-${version}/src/math/gfpmath -tar --delete --file=${tmpfile} ./Botan-${version}/src/pubkey/ec_dompar -tar --delete --file=${tmpfile} ./Botan-${version}/src/pubkey/ecc_key -tar --delete --file=${tmpfile} ./Botan-${version}/src/pubkey/ecdsa -tar --delete --file=${tmpfile} ./Botan-${version}/src/pubkey/eckaeg +tar --delete --file=${dst%.gz} \ + ${name}/src/block/idea \ + ${name}/src/block/rc6 \ + ${name}/src/block/rc5 \ + ${name}/src/math/gfpmath \ + ${name}/src/pubkey/ec_dompar \ + ${name}/src/pubkey/ecc_key \ + ${name}/src/pubkey/ecdsa \ + ${name}/src/pubkey/eckaeg +touch -m -r ${src} ${dst%.gz} -${compr} -c ${tmpfile} > ${name}${newsuffix} +gzip ${dst%.gz} diff --git a/sources b/sources index 219b46d..cdf2878 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4b5ce78b1cfc0735eb7ec4f6903068ca Botan-1.8.14.stripped.tbz +9206a5cb467cd9c8f81be72a52a2d4f8 Botan-1.8.15.stripped.tar.gz